Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
P3p
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Dispatcher
X-WebKit-CSP
EagleEye-TraceId
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Akamai-Path-Stats
X-Cache-Spec
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
Accept-CH
X-Aws-Lambda-Call-Status
Surrogate-Control
X-Backend-Server
X-CST
Request-Id
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Accept-CH-Lifetime
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Url
Cf-Edge-Cache
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-Ruxit-JS-Agent
X-Rack-Cache
X-MS-InvokeApp
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-Content-Type
X-ESI
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Px
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Amz-Rid
X-Ac
X-Cnection
Public-Key-Pins
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Amz-Server-Side-Encryption
X-D2id
Verso
X-Navigation-Version
X-Cache-TTL
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-FastCGI-Cache
X-Sol
X-Middleton-Display
Pagespeed
Display
X-GitHub-Request-Id
X-Country-Code
X-Ser
Arr-Disable-Session-Affinity
X-Version
X-Ruxit-Js-Agent
X-Edge
Access-Control-Request-Method
X-NF-Request-ID
X-Middleton-Response
Response
X-Goog-Hash
X-Correlation-Id
X-Upstream
AR-ATIME
AR-CACHE
AR-SID
AR-Request-ID
AR-PoweredBy
X-Kinsta-Cache
X-Ttl
X-Edge-Location-Klb
X-Cached
X-Webkit-Csp
X-TTL
SPRequestDuration
SPIisLatency
X-LLID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-NWS-LOG-UUID
Nginx-Cache
MS-Author-Via
X-Powered-CMS
X-RateLimit-Limit
Edge-Cache-Tag
TCN
X-Cache-Key
X-Litespeed-Cache
MRF-Tech
Mrf-Cache-Status
X-Forwarded-For
X-MSEdge-Ref
X-SharePointHealthScore
SPRequestGuid
Content-MD5
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Protected-By
X-Content-Digest
X-Language
X-Ua-Device
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Frontend
X-ORACLE-DMS-ECID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ua-Browser
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-ORACLE-DMS-RID
X-Content
Server-Node
X-Ab
X-Request-Processing-Time
Front-End-Https
X-Request-Received
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-DataDome
X-Grace
X-Accel-Expires
Filters
Fastcgi-Cache
X-Mid
X-Server-ID
X-ECACHE
X-Geo-Country
X-Template
X-Hits
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Ratelimit-Reset
X-Origin-Server
X-Debug-Info
TP-Cache
TP-L2-Cache
X-Distributor
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-Trace-Id
Charset
Cleartype
Host
X-Page-Id
X-DIS-Request-ID
X-Git-Hash
X-F-Cache
Cross-Origin-Opener-Policy
X-B3-Sampled
X-DynaTrace
X-Www-Served-By
X-PressLabs-Stats
Cache-Tags
ServerID
X-Forwarded-Proto
Access-Control-Allow-Method
X-LB-Cache
X-Cache-Age
X-Seen-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-MCACHE
X-Cluster-Name
Server-Name
X-Az
X-Activity-Id
X-AppVersion
X-WebKit-CSP-Report-Only
Realpath
X-Varnish-Age
Accept-Charset
X-Request-Handler-Origin-Region
X-Aspnetmvc-Version
X-Microsite
X-Rid
Filterid
Cache-Status
X-Content-Options
X-Type
X-Origin-Cache
X-Upgrade-Enabled
X-App-Environment
X-Mobile-URL
X-Via-JSL
X-FB-Debug
X-User-Agent
Viewport
Country
X-Varnish-Grace
Node
X-Wix-Request-Id
X-Tb
Paypal-Debug-Id
X-Signature
X-Whom
X-Route-Name
DC
X-B-Cache
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Drupal-Cache-Tags
Protected
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-XRDS-LOCATION
X-Goog-Storage-Class
X-Goog-Metageneration
X-Oracle-Dms-Ecid
X-Goog-Generation
X-TT
X-GUploader-UploadID
X-VCache
X-NWS-UUID-VERIFY
X-Fastly-Request-ID
X-Oracle-Dms-Rid
Fastcgi-Useragent
X-Nginx-Upstream-Cache-Status
Retry-After
X-Varnish-Backend
X-Oneagent-Js-Injection
Payment
X-Contextid
X-Cache-NGX
X-N
X-B
X-Amz-Replication-Status
X-Fastly-Request-Id
X-Debug
X-Fastcgi-Cache
X-Logged-In
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-XRDS-Location
WPO-Cache-Message
WPO-Cache-Status
X-Load-Cache
Surrogate-Key
X-Hostname
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Parallel-Accel
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Buckets
X-Browser-Type
X-Trace-Id
Count-Hit
X-Erf-Bev-Bev
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Proxy
X-Mobile
Refresh
Akamai-GRN
X-Rendered-As
X-Real-IP
X-Revision
X-UUID
X-Zen-Fury
X-Jobs
X-Akamai-Request-ID2
X-G
X-Cache-Time
X-Is-Bot
Healthy
Uber-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
Alternate-Protocol
X-Page-View
X-Http-Reason
X-Framework
NGB
X-Instance
X-Proxy-Cache-Status
X-Cache-Rule
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-Amz-Meta-S3cmd-Attrs
X-Debug-IsPreview
X-Debug-IsConnected
X-Device-Type
X-Yottaa-Metrics
Content-Disposition
X-Yottaa-Optimizations
X-Adobe-Loc
X-Vgn-Hpd-Reason
X-Adobe-Content
X-IPLB-Instance
Access-Control-Request-Headers
From-Origin
Url
X-Source
X-Servername
X-COUNTRY
Version
X-Cache-Expired-At
X-Cache-Grace
X-Varnish-Server
Referer-Policy
X-Cache-Hit
Permissions-Policy
Accept-Language
X-Environment-Context
X-L-Path
X-Mcache
X-ECache
X-App-Server
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
X-FW-Version
X-Cache-Action
X-RTag
Ms-Operation-Id
MS-CV
Cross-Origin-Window-Policy
X-NGENIX-Cache
X-Restarts
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Countrycode
X-IPS-LoggedIn
Backend
X-Tumblr-User
X-ProcessESI
X-RemovedCookies
X-Hyper-Cache
Liferay-Portal
CF-IPCountry
X-NYM-Debug-Backend
Frame-Options
Content-Secure-Policy
X-Rule
Ec-Rule-Version
X-HTML-Minification-Powered-By
X-Datadome
X-Cache-Server
X-Nginx-Cache
Meta-Geo
X-UPSTREAM-Address
WP-Super-Cache
Upgrade-Insecure-Requests
X-Redis-Cache
X-PCL
X-OCL
X-RN-RSRV
X-Format
X-No-Session
X-Generation-Time
X-Unique-Id
Apigw-Requestid
X-Detected-As
X-Cache-Enabled
X-Content-Age
X-FB-TRIP-ID
X-Cluster-Node
X-APP-VERSION
Cache-Tv-Group
X-Ua
Section-Io-Cache
X-Access
X-Section
Azure-SlotName
Azure-SiteName
X-Uri
X-Request-Time
X-Generated-By
X-Say-TTL
Azure-Version
X-Say-Cacheable
X-Hosted-By
X-Region
X-Urbn-Context-Path
Azure-InstanceId
X-UA-Device-Type
X-Urbn-Site-Id
Azure-RegionName
X-Storage
Property-Id
S-Rt
Webcakes-Region
X-Akamai-Edgescape
X-ApacheServer
X-AOL-HN
TWC-Connection-Speed
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Server-W
Webcakes-App-Name
TWC-Device-Class
X-Origin-Date
X-Be
X-Web-Node
TWC-Privacy
X-Human
X-Via-Fastly
X-Varnish-Cache-Hits
Locale
X-SayCDN-TTL
Mn-Server-Ip
X-Sql-Count
X-Site-Version
X-Origin-Hint
X-PERF
X-Sql-Duration-Ms
Fastly-SSL
TWC-GeoIP-Country
X-Mode
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
X-Forwarded-Host
X-Status
CDN-RequestId
CDN-Uid
X-Cache-Host
X-BYPASS-REASON
X-Xfnlog-Site
X-Cache-Tags
X-Cache-Type
X-Debug-Cache
X-Content-Powered-By
X-Nginx-Cache-Key
CDN-EdgeStorageId
X-Platform-Server
X-ProxyCache-Status
X-PHP-Backend
X-ProxyCache-Key
X-Extlb
Eomportal-Instance
X-ServerID
X-Cache-Operation
X-JoinUs
X-Routing-Service
X-Zipkin-Id
X-Backend-Name
X-Tid
X-Hl-Ver
X-Accel-Buffering
X-Proxied
X-SaId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-TT-LOGID
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-ShopId
X-ShopId
X-Varnishpool
ServedBy
X-Timing-Wait
X-Adobe-Source
Selected-Fe
X-Webkit-CSP
X-Proxy-Build
Webserver
X-NewRelic-App-Data
X-Cache-Remote
X-Handled-By
X-Rewrite-Enabled
X-Ratelimit-Limit
SID
X-Labrador-Cache-Channel
Xserver
X-PHP-Host
X-Locale
X-GG-Cache-Date
X-LSADC-Cache
X-LJ-Flow-ID
X-Pubstack
X-AWS-Id
X-Soup
X-VWS-Id
SRV
X-VC-Cache
LB
X-Cached-By
X-Dc
Fastly-Drupal-Html
Mime-Version
X-CDN-Forward
Country-Code
Decoy-Debug-Key
X-Proto
X-Edge-Location
X-GEO
Decoy-Debug-Status
X-Request-Host
Decoy-Debug-TTL
Web-Mar-Node
X-Reqid
X-Microcachable
X-Storefront-Renderer-Rendered
Xet-Cookie
Onion-Location
X-App-Version
X-Origin-TTL
X-Origin-CC
X-Ms-Request-Id
X-Ms-Version
Server-Info
X-Varnish-Hostname
X-TA-CDN-Provider
X-Cms-Context
X-NCache
Cache-Hits
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-SRV
DynaTrace
X-Bc-Bl
X-Cluster
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Varnish-Hits
X-R9-Blue-Green-Version
X-B3-SpanId
Load-Balancing
X-CSRF-Token
X-GeoCode
X-GeoCountry
X-Varnish-Beresp-Grace
X-Amzn-RequestId
X-Azure-Ref
X-Endurance-Cache-Level
X-Amz-Apigw-Id
X-Tec-Api-Root
X-TIME
DB-Nickname
X-Envoy-Decorator-Operation
X-Origin-Response-Time
X-Tec-Api-Origin
X-Tec-Api-Version
Cache-Name
X-RCS-CacheZone
X-Ec-Fail
X-Forwarded-Path
X-External-Request-Id
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-CF-Lambda-Version
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
X-A-Dgt
Fastcgi-X-Cache-Version
X-Aed
Expiry
X-A-Wwc
Host-ID
Lang
Meta-Geo-Continent
Mobile-Detection-Method
Odigeo-Trace-Id
Pramga
Rendered-Blocks
T-Server
Surrogated-Key
Sslversion
X-AK-Request-ID
X-Application
X-CF-Lambda-Fn
X-Cdn-Srv
X-Cache-NE
BehaviorPad-Version
X-Conf
A
X-Destination
X-D
X-Connection-Hash
X-Cache-Id
X-Cache-Bucket
X-ARC
DCR-Decision-By
DCR-Processing-Time-Ms
Cmstype
Cmsid
Cdncip
Cdnsip
X-B-Cookie
X-Developer
X-Men
X-NAPM-TraceId
X-NodeID
X-From
X-Rojux
X-SRCache-Key
NM-Fastcgi-Cache
X-LAGOON
X-User
X-VG-WebCache
X-Tenant
X-TIM-N
X-Processor
X-Midtier
X-TrackingId
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Vdms-Version
X-Orig-Expires
X-Vdms-Path
X-Vtex-Processado-Em
X-S
X-S-Cookie
X-Gzip
X-Session-Fingerprint
X-Ftr-Request-Id
X-Geo-Header
X-Webstats-RespID
X-Magnolia-Registration
X-ScT
X-Shop-Environment
X-Ig-Push-State
X-Vtex-Remote-Cache
X-SD-PageType
X-HS-Content-Campaign-Id
X-Hash
Xc-Version
X-Via-NSCOPI
X-Tx-Id
X-Sigma-Backend
X-Slack-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TNCMS
X-Block-Status
X-Amzn-Remapped-Content-Length
Wxu-Next-Commit
State
X-Viewer-Country
User-Cache-Control
V-Age
Server-Host
X-WADP-Cache
Platform
X-Worker
X-Wix-Viewer-Type
Producers
Vix-Hermes-Req-Id
We-Hiring
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
Wxu-Next-Region
Wxu-Next-Hostname
X-VG-TLSProxy
Web-Mar-Region
X-Cache-Backend
X-V-Cache
X-RPM
X-Mvc-Supplant-Cachable
X-DW
X-Loop
X-Location
X-Node-Id
X-Nyt-Route
X-DPWN-IS-SECURE
X-Old-Content-Length
X-DSS
X-JWT-State
X-Is-Gdpr
X-Gdpr
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
X-Gen-Mode
X-GeoIP
X-Irp-Debug
X-Hnp-Log
X-Has-Esi
X-DI
X-Device-Os
X-RPS
X-Core-Mission
X-Core-Value
X-Rocket-Build-Number
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Cache-Info
X-Scheme
X-RSL
X-Request-URI
X-DB
X-Origin-Time
X-Origin-Expires
X-Developers
X-Planisys-CDN-Cache
X-DefHash
X-DefElseHash
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Sigma
Svr
Apple-News-Services-Handled
AKAMAI
Machine
Adler-Geo
Apple-News-Services-Host
Environment
Fastly-GeoIP-CountryCode
Is-Eu
Apple-News-Services-Request-Url
Mail-Subject
Apple-News-Services-Parsed-Url
Memcached
X-Varnish-Ttl
CDN
X-EC-Lua
Source
X-Proxy-Cache-Info
X-Policy
X-BBC-Edge-Cache-Status
X-Generated-On
X-Proxy-Upstream
CloudFront-Viewer-Country
X-Branch-Name
X-Auto-Login
X-RateLimit-Remaining-Second
X-Gamma-Serve
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Aicache-OS
X-Eu-Site
CDCHOST
X-Qloud-Router
Cluster
X-Platform
X-Csrf-Jwt
X-Origin
X-Level-Front-Cache
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Loc
X-Httpd
X-CGP
Cache
X-Minions-Version
X-Cache-Date
Arc-Country
X-Cdn-Origin
X-HN
X-GeoIP-City
X-Pod-Name
X-Rebelmouse-Surrogate-Control
X-Sn-Servicetimems
Locid
X-Region-Sid
X-Skip-Cache
X-Akamai-Transformed
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Origin-CC
X-Thinkindot-L3
X-SB
Req-Svc-Chain
Release
PFcat
X-VServer
X-VarnishDD-TTL
Origin-EX
Redirect-Candidate
Origin
X-Rocket-Nginx-Serving-Static
Thinkindot-Control
Ha-Gx-Prefs
X-Response-By
Fastly-SWR
Fastcgi-Cache-TTL
Fastly-SIE
HA-Ipaddr
Gh-Request-Id
N-Cache
Traceparent
X-Server-IP
L5d-Success-Class
X-Served-From
Kp-EeAlive
L
GEO-INFO
X-TraceId
X-Forwarded-Site
X-Pool
X-Ec-Custom-Error
HostName
Ssr
X-Date
NGX
X-Accel-Expires-Debug
X-Presslabs-Stats
X-CS
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-Owner
X-GeoIP-Country-Code
X-WP-CF-Super-Cache-Cache-Control
X-NC
MD5-Digest
X-WP-CF-Super-Cache
X-GeoIP-Region-Code
X-Optimistic-Header
DSUID
X-Udemy-Cache-App-Namespace
X-Srv
X-API-Version
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Time
Env
X-CacheTTL
X-Dispatcher-Number
X-Newrelic-Synthetics
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
X-Ah-Environment
X-Cache-Debug
Fusion-Source
Time
X-LB-NoCache
Fusion-Template-Id
X-Mvc-Supplant-OutputCached
Fusion-Component-Id
Server-Ext
IsBot
X-Edge-Pop
Server-Hostname
Servername
X-SIPLIST1
X-Via-Ucdn
Sever-Int
Memory
X-Scale
X-Generated-In
X-Tt-Logid
X-ZONE
Ms-Author-Via
X-VC
CacheControlHeader
X-Refresh
X-Action
X-Wikidot-Backend
X-Via-Popv
GeoIp-Country-Code
X-TH-Server
True-Client-Country-4JS
X-Via-Popn
X-Wikidot-Static-Cache
Geo-Info
X-Via-Poph
X-Xrds-Location
X-Backend-TTL
X-Ad-Defer-Variation
X-IPLB-Request-ID
X-Amz-Meta-Cb-Modifiedtime
X-Servedbyhost
X-BCube-Filmed-By
Cache-Key
Candidate-Md5Url
X-S-Maxage
X-CACHE-KEY
Ohc-File-Size
X-HA-Backend
Datacenter
X-Vc
VNS-Cache
VNS-Age
X-SplitTest
CPC-Cache
CPC-Age
XM
FSS-Cache
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-RateLimit-Reset
X-VCL-Version
X-Varnish-Authentication
X-Req
Client
Geoip-Latitude
ITXSESSIONID
Fastly-Backend-Name
Edge-Cache
X-Varnish-Beresp-TTL
X-DC
Server-ID
X-Micro-Cache
My-App
X-Provided-By
X-Dynatrace
Path
X-Zone
X-WA-Info
X-Cache-Status-Check
X-Cs
Hostname
X-VHOST
X-Trace-ID
X-AIR-PT
X-Origin-Upstream-Status
X-Pass-Why
Cache-Host
DataCenter
X-Up
Ohc-Cache-HIT
X-Fpc
X-TX-ID
Ngx.Var.Host
X-LB-ID
X-FireWall-Port
True-Client-IP
X-Webkit-Csp-Report-Only
NtCoent-Length
Lb
X-NGINX-Cache
OT-Force-Account-Verify
XkeyRZ
X-Varnish-Beresp-Ttl
X-B3-Spanid
X-LI-UUID
X-FPC
X-Li-Pop
X-Li-Fabric
X-Proxy-CacheRZ
X-CSRF-TOKEN
X-Clientip
Test
Powered-By
X-Traceid
X-ND-Cache
X-UnsetCookies
Cf-Int-Pingora-Origin-Digest
X-Time-Microsecs
X-CUA
Proxy-Connection
X-Cdn-Request-ID
X-Api-Version
X-Correlation-ID
Target-Params
X-Beluga-Record
X-Beluga-Status
X-Webkit-CSP-Report-Only
X-Fragments
Tracecode
X-Beluga-Response-Time
X-RAMCache
Resin-Trace
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
User-Agent
Cf-Device-Type
X-Vcl-Version
Server-Id
X-Azure-Ref-OriginShield
X-MSEdge-Flight
X-Var-Ttl
X-Sucuri-ID
X-ATG-Version
X-HS-Status
X-MSEdge-Features
X-FC-Vary-Parameters
X-Sucuri-Cache
X-Fastly-Backend
Lfy
X-CLOUD-TRACE-CONTEXT
X-Dmc
X-Via-PopH
X-ServedByHost
WZWS-RAY
X-Via-PopV
X-Ha-Backend
X-Via-PopN
X-URL
X-Platform-Cluster
X-Platform-Processor
X-Render-Time
X-Platform-Router
X-Geo
Rip
X-M-Reqid
GeoIP-Latitude
X-M-Log
X-INCAP-ABP
X-Li-Proto
GeoIP-Country-Code
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Qnm-Cache
X-DynaTrace-JS-Agent
Uri
Srvid
Sid
X-Cdn-Forward
X-PX
MIME-Version
Epwk-X-Cache
X-Fetch-By
X-LI-Proto
X-Gateway-Cache-Key
X-CCDN-CacheTTL
X-Proxy-Cache-Hk
X-Gateway-Request-Id
X-Gateway-Skip-Cache
Tube-Return
Tube-Got-Results
C-Via
Tube-Get-Contents
Tube-Got-Eval
X-Backend-State
X-Service
X-Gateway-Cache-Status
Click-Count-Action-Start
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Magicmarker
X-Alfa-Service
Click-Count-Error
X-Akamai-Pragma-Client-IP
X-TRACE-ID
X-Check-Cacheable
Fastly-Drupal-HTML
X-Fastly-Backend-Reqs
ENV
Esi-Enabled
X-Request-Start
X-Backend-Host
Cdn
X-Esi
X-App
X-Edge-POP
On-Server
HIT
X-Bip
X-Cache-CFC
X-B3-Traceid-Primal
X-Lb-Nocache
X-Cache-Expires
PICS-Label
X-Thanos
Server-Ttl
XServer
ServerName
X-MG-S
X-Srcache-Fetch-Status
X-LiteSpeed-Cache-Control
X-Srcache-Store-Status
Srv
Section-Io-Id
X-Newrelic-App-Data
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
Tcn
X-Yottaa-OS
CF-Cached-On
CountryCode
X-Iplb-Request-Id
X-Iplb-Instance
Cf-Ipcountry
X-APP
Wpo-Cache-Status
WebServer
X-Vcache
Wpo-Cache-Message
D-Url-Rewrites
M-TraceId
X-Cache-Config
X-Acquia-Application-UUID
X-Serial
X-Acquia-Purge-Tags
X-Acquia-Site
X-Nc
Inserted-Into-Cache-At
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-HostName
Warning
Servedby
X-Snapshot-Date
Fastcgi-Cache-Ttl
Ngx
Cneonction
X-Release
X-Th-Server
X-Dist-Code
URI
X-Wp-Cf-Super-Cache-Cache-Control
Hit
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
Content-Style-Type
X-Litespeed-Cache-Control
X-Request-Url
X-B3-Parentspanid
X-Storefront-Renderer-Verified
X-Request-URL
X-LiteSpeed-Tag
X-CF-Powered-By
X-Akamai-Request-ID
Cteonnt-Length
X-Shopify-Generated-Cart-Token
X-Swift-Error
X-Akamai-ERRuleID
X-IN-APIGATEWAY
Content-Script-Type
X-Dw-Trace-Id
X-Back
X-Akamai-ERPolicy
X-IN-APIGATEWAYSSL